Privacy policy - Northern Data Investor Relations

Introduction and general information

Thank you for your interest in our website. The protection of your personal data is very important to us. In the following, you will find information on the handling of your data, which is collected through your use of our website. Your data will be processed in accordance with the legal regulations on data protection.

Responsible person in the sense of the DSGVO

Northern Data AG
An der Welle 3
60322 Frankfurt am Main
+49 69 34 87 52 25
compliance@northerndata.de

Contact details of the data protection officer

Proliance GmbH /
www.datenschutzexperte.de Datenschutzbeauftragter
Leopoldstr. 2180802
Münchendatenschutzbeauftragter@datenschutzexperte.de

Definitions

Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (DSGVO) are generally used. The official definitions are explained in Art. 4 DSGVO.

Access to and storage of information in terminal equipment

By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) Sentence 1, (2) No. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Article 6 (1) a DSGVO. The consent can be revoked at any time for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

Web hosting

This website is hosted by an external service provider (Scaleway). The hosting of this website takes place in the Netherlands. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated via a website.

We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 DSGVO, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.

Server log files

When you call up our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Complete) IP address of the requesting computer
Amount of data transferred

We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file serves the evaluation of system security and stability as well as administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f DSGVO.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short time. On the basis of this data, it is not possible for us to draw conclusions about individual persons. After 30 days
at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user.
In addition, the data is processed in anonymous form for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or to display advertising.

Technically necessary cookies are stored on the basis of Art. 6 (1) lit. f DSGVO. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future. The legal basis may also arise from Art. 6 (1) lit. b DSGVO if the processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures that are carried out at the request of the data subject.

If cookies are used for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and obtain your consent.

You can set your browser so that you

be informed about the setting of cookies,
Allow cookies only in individual cases,
exclude the acceptance of cookies for certain cases or in general,
activate the automatic deletion of cookies when closing the browser.

The cookie settings can be managed under the following links for the respective browsers:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track” function. When this feature is enabled, the browser tells ad networks, websites and applications that you do not want to be “tracked” for behavioral advertising and the like.

For information and instructions on how to edit this feature, depending on your browser provider, see the links below:

In addition, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie settings

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via our “Manage Cookies” link. You can find this at any time at the bottom right of the website.”

Newsletter Mailchimp

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail as mandatory information.

Additional data may be provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. With the confirmation, you give us your consent in accordance with Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch.

When you register for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to trace any possible misuse at a later date.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your e-mail address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.

Our email newsletter is sent via a technical service provider, to whom we pass on the data you provided when registering for the newsletter. We have concluded an order processing contract with our e-mail service provider, in which we oblige him to protect our customers’ data and not to pass it on to third parties.

Service Provider: Mailchimp

Address: Rocket Science Group, LLC, 657 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Standard data protection clauses: We have concluded standard data protection clauses with the provider based in the USA pursuant to Art. 46 (2) lit. c DSGVO in order to ensure an appropriate level of data protection. https://mailchimp.com/legal/data-processing-addendum/

The service provider uses the information from the newsletter registration to send and statistically evaluate the newsletter on our behalf. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, it can also be analysed whether a pre-defined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 lit. a DSGVO, which you give in the course of the newsletter registration.

If you wish to revoke your consent to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

EQS Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail as mandatory information. Additional data may be required in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent in accordance with Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of sending the desired newsletter.

When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.

Our e-mail newsletters are sent via a technical service provider to whom we pass on the data you provided when registering for the newsletter. We have entered into an order processing agreement with our email service provider, in which we oblige them to protect our customers’ data and not to pass it on to third parties.

Service provider: EQS Group AG

Karlstrasse 47
D-80333 Munich

The service provider uses the information from the newsletter registration to send and statistically evaluate the newsletters on our behalf. For the evaluation, the sent e-mails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. The legal basis for this data processing is your granted consent pursuant to Art. 6 (1) lit. a DSGVO, which you give in the course of newsletter registration.

If you wish to revoke your consent to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Nasdaq

You can give us your consent via the Opt In field in the newsletter registration form to match your user data (name and email address) with the Nasdaq IR database. The service provider operates a platform for investor communication and analysis. The tool Nasdaq is used by Investor Relations to create investor reports, peer analyses, contact Nasdaq-registered institutional investors and generally organize investor relations (Meetings etc.).

Service Provider: Nasdaq IR
Taunusanlage 8, Frankfurt am Main, 60329, Germany
London: Woolgate Exchange, 25 Basinghall Street, London, EC2V 5HA, United Kingdom

We have concluded an order processing contract with the service provider, in which we oblige him to protect the data of our customers and not to pass them on to unauthorized third parties.

Standard Data Protection Clauses: We have concluded standard data protection clauses with the provider for the possible transfer of data to third countries in accordance with Art. 46 (2) lit. c DSGVO in order to ensure an adequate level of data protection. Data Processing Addendum | Nasdaq

The analysis data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
You can revoke your consent at any time by sending an email to compliance@northerndata.de.

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies”.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, and compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be combined with any other data held by Google. The processing is carried out in accordance with Art. 6 para. 1 lit. a DSGVO on the basis of the consent given by you.

We use Google Analytics only with activated IP anonymization. This means that your IP address is only processed by Google in a shortened form.

We have concluded an order processing contract with the service provider, in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.

The Google Analytics terms of use and information on data protection can be accessed via the following links:
https://www.google.de/intl/de/policies/

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of data at user and event level linked to cookies, user IDs (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 14 months after their collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and from analysing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.

EQS StockChart

We use the Stock Chart service on our website, a service provided by EQS Group AG, Karlstraße 47, 80333 Munich, Germany (hereinafter referred to as “EQS”). For this purpose, we process your IP address, which constitutes a personal data. The aforementioned data is transferred to the service provider EQS. The IP address is anonymized by EQS after 24 hours. We use EQS Stock Chart to display current stock prices on our website for information purposes. For this purpose, we process your personal data based on your prior consent (Art. 6 para. 1 lit. a DSGVO). You have the right to revoke your consent to the processing of your personal data at any time with effect for the future.

Further information on EQS StockChart can be found at: https://www.eqs.com/de/ir-loesungen/ir-tools/stock-chart/ and: https://www.eqs.com/en-gb/about-eqs/data-protection/.

Contacting our staff by e-mail

If you would like to contact one of our employees directly by e-mail, you have the option of clicking on “e-mail” in the contact details of an employee. You can then contact this employee via your preferred e-mail program. We only transmit the e-mail address of the selected employee or the selected contact address to this program in order to enable you to contact us smoothly. No further data processing takes place on our part at this point, but only as soon as we have received the data entered by you by e-mail. The legal basis for contacting us via e-mail are pre-contractual measures according to Art. 6 I lit. b DSGVO or our legitimate interest in answering your general inquiry according to Art. 6 I lit. f DSGVO. After contacting us, you will be informed separately about your rights according to DSGVO.

External links

Social networks and other websites are only integrated on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information will only be transferred to the respective provider after the forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.

Data transfer and recipients

Your personal data will not be transferred to third parties unless-
we have explicitly indicated this in the description of the respective data processing,
– you have given
your express consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO,
– the transfer in accordance with Art. 6 Para.
1 Sentence 1 lit. f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that there is a legal obligation for the disclosure in
accordance with Art. 6 Para. 1 S. 1 lit. c DSGVO and-
insofar as this is necessary in
accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for the processing of contractual relationships with you.
In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing agreements in accordance with Art. 28 DSGVO, if necessary. These are bound by our instructions and are regularly monitored by us. These are, among others, service providers for hosting, sending e-mails and maintenance and care of our IT systems, etc. The service providers will not pass this data on to third parties.

Data security

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Duration of the storage of personal data

The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the performance of a contract or the initiation of a contract, or if we have a legitimate interest in continuing to store the data, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.

your rights

In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details.

The right, in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.

The right, in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

The right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right of objection

Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
If you wish to exercise your right of withdrawal or objection, an e-mail to: compliance@northerndata.de

Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that are required for the conclusion of the contract, the performance of the contract or pre-contractual measures.

Automated decision making

An automated decision-making or profiling according to Art. 22 DSGVO does not take place.

Subject to change

We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The most current version applies to your visit.

Status of this data protection declaration: 01.11.2021